CNHI: CNH Industrial Data Breach Lawsuit Investigation

CNHI Data Breach Exposes Sensitive Information of Over 1,200 Individuals

CNHI, LLC, a major U.S. media company operating over 130 print and digital news outlets across 22 states, suffered a significant data breach between April 27 and May 17, 2025. The PLAY ransomware group infiltrated CNHI’s network, exfiltrating files containing sensitive personal data. The hackers publicly claimed the breach on the dark web on May 21, 2025, threatening to leak the stolen information.

On November 19, 2025, CNHI confirmed that the breach exposed personally identifiable information (PII) of individuals, including at least 1,203 residents in South Carolina, 57 in Maine, and 23 in Rhode Island. Compromised data may include names, addresses, dates of birth, Social Security numbers, driver’s license numbers, and financial information.

CNHI began notifying affected individuals on December 8, 2025, after disclosing the breach to the offices of the Attorneys General in Maine, South Carolina, and Vermont. The company is offering free Experian IdentityWorks credit monitoring to impacted individuals. Law firms, including Shamis & Gentile P.A., are investigating potential compensation for those affected, citing possible reimbursement for expenses, time lost, or emotional distress.

The breach underscores the growing threat of ransomware attacks targeting media organizations and the risks of exposed PII.

Source: https://www.claimdepot.com/investigations/cnh-industrial-data-breach-2025

CNHI cybersecurity rating report: https://www.rankiteo.com/company/cnhi

"id": "CNH1765305963",
"linkid": "cnhi",
"type": "Ransomware",
"date": "5/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'customers_affected': '1,283+ (1,203 in South '
                                              'Carolina, 57 in Maine, 23 in '
                                              'Rhode Island)',
                        'industry': 'Media, News',
                        'location': 'Montgomery, Alabama, USA',
                        'name': 'CNHI, LLC',
                        'size': '240+ employees',
                        'type': 'Company'}],
 'customer_advisories': 'Written notification letters sent to affected '
                        'individuals starting December 8, 2025',
 'data_breach': {'data_exfiltration': 'Yes',
                 'number_of_records_exposed': '1,283+',
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Name',
                                              'Address',
                                              'Date of birth',
                                              'Contact information',
                                              'Social Security numbers',
                                              'Driver’s license number',
                                              'Financial information']},
 'date_detected': '2025-11-19',
 'date_publicly_disclosed': '2025-12-08',
 'description': 'CNHI, LLC experienced a significant data breach between April '
                '27, 2025, and May 17, 2025, where an unauthorized actor, '
                'identified as the PLAY ransomware group, gained access to the '
                'company’s computer network and exfiltrated sensitive files. '
                'The breach was publicly claimed on the dark web on May 21, '
                '2025. Compromised data included personally identifiable '
                'information of individuals, leading to notifications to '
                'affected parties and regulatory bodies.',
 'impact': {'data_compromised': 'Sensitive personally identifiable information',
            'identity_theft_risk': 'High',
            'payment_information_risk': 'High'},
 'investigation_status': 'Ongoing (Lawsuit investigation)',
 'motivation': 'Data exfiltration, Ransom demand',
 'ransomware': {'data_exfiltration': 'Yes', 'ransomware_strain': 'PLAY'},
 'recommendations': ['Enroll in free Experian IdentityWorks credit monitoring '
                     'service',
                     'Monitor financial statements for suspicious activity',
                     'Place a fraud alert on credit reports',
                     'Request free annual credit reports from major credit '
                     'bureaus',
                     'Seek legal help to understand rights and pursue '
                     'compensation'],
 'references': [{'source': 'Shamis & Gentile P.A.'}],
 'regulatory_compliance': {'regulatory_notifications': ['Maine Attorney '
                                                        'General',
                                                        'South Carolina '
                                                        'Attorney General',
                                                        'Vermont Attorney '
                                                        'General']},
 'response': {'communication_strategy': 'Written notification letters to '
                                        'affected individuals, disclosures to '
                                        "Attorney Generals' offices"},
 'threat_actor': 'PLAY ransomware group',
 'title': 'CNHI, LLC Data Breach Investigation',
 'type': 'Data Breach, Ransomware'}